Using invidious with a Squid Proxy to make it transparent to all users regardless of browser/OS/etc... #462

Closed
ElCoyote27 opened this issue Nov 3, 2023 · 2 comments

@ElCoyote27

The SQUID proxy (http://www.squid-cache.org/) has been available for decades and it has a cool feature named "url_rewrite_program" (I used to use this to extend squid with SquidGuard), e.g.:

# ufdbGuard's squid.conf section:
url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/squid
url_rewrite_children 64 startup=16 idle=4 concurrency=0

I wonder if it would be possible to create a small url_rewrite_program (a shell script would work) to make the invidious lookaside automatic? That way, all clients would benefit from the invidious 'service' as long as they're properly configured to use the proxy.
I was reading the redirector rules of invidious and they seemed similar to what the url_rewrite_program does.

Benefits:

  • all lookaside configuration done on the squid server. All clients are made to use invidious by SQUID regardless of OS, Browser or config. They just need to use the squid proxy (and this can be made 100% transparent by using an iptables rule to redirect).

Ideas, Comments? Would that work? Note that I am unfamiliar with the intrinsics of squid's url_rewrite_program inner workings.

@unixfox unixfox added the question Further information is requested label Nov 3, 2023
@unixfox
Member

unixfox commented Nov 3, 2023

Won't work due to HTTPS though... unless you are installing the root certificate of squid on the machines

@ElCoyote27
Author

ElCoyote27 commented Nov 3, 2023

I agree, but then again squid apparently has transparent SSL proxying with ssl_bump and I'd rather push a PAC URL + my CA to the client machines than do the same client-side config for invidious on all clients.

e.g.:

$ cat 20_ssl-mitm.conf

# Splicing
always_direct allow all
#acl broken_sites dstdomain .github.com

sslcrtd_program /usr/lib64/squid/security_file_certgen -s /etc/squid/certs/ssl_db -M 64MB

# The two directives below turn off validation of upstream server certificates.
sslproxy_cert_error allow all
tls_outgoing_options flags=DONT_VERIFY_PEER

acl step1 at_step SslBump1
ssl_bump peek all
ssl_bump bump all
#ssl_bump splice broken_sites
ssl_bump splice all
ssl_bump stare all

@unixfox unixfox closed this as completed Nov 3, 2023
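
A helper of the kind asked about in the first post, as an added example that is not part of the original thread and is not code from the Invidious or Squid projects. It assumes concurrency=0 as in the quoted url_rewrite_children line and a placeholder instance name, invidious.example; as the replies note, it only sees full https:// URLs when Squid bumps the TLS connection, otherwise it receives a bare host:port and passes it through.

```python
#!/usr/bin/env python3
# Added example: Squid url_rewrite_program helper that redirects YouTube to Invidious.
import sys
from urllib.parse import urlsplit, urlunsplit

INVIDIOUS_HOST = "invidious.example"  # assumption: placeholder, use your instance
# Exact host names only, so look-alikes such as youtube.com.example never match.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com"}
SHORT_HOST = "youtu.be"


def rewrite(url):
    """Return the Invidious URL for a YouTube URL, or None to leave it untouched."""
    if "://" not in url:
        return None  # CONNECT "host:port" from an un-bumped TLS tunnel: no path to map
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None  # malformed URL: never let the helper crash
    if parts.scheme not in ("http", "https"):
        return None
    if host in YOUTUBE_HOSTS:
        path, query = parts.path, parts.query
    elif host == SHORT_HOST and len(parts.path) > 1:
        # youtu.be/<id>?t=10 -> /watch?v=<id>&t=10
        path = "/watch"
        query = "v=" + parts.path[1:] + ("&" + parts.query if parts.query else "")
    else:
        return None
    return urlunsplit(("https", INVIDIOUS_HOST, path, query, ""))


def handle_line(line):
    """Answer one request line 'URL [extras]' (concurrency=0, so no channel ID)."""
    fields = line.split()
    target = rewrite(fields[0]) if fields else None
    if target is None:
        return "ERR"  # ERR tells Squid to pass the request through unchanged
    # Keep the quoted value well-formed even if the URL carries a quote or backslash.
    target = target.replace("\\", "%5C").replace('"', "%22")
    return 'OK status=302 url="%s"' % target


if __name__ == "__main__":
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid blocks on each reply, so never buffer output
```

The helper answers with a 302 redirect rather than a silent rewrite, so the browser's address bar and origin match the Invidious instance it is actually talking to.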